Recently, I created two new HIPAA training resources. HIPAA Whiteboard: I created a 1-page visual summary of HIPAA, which I call the HIPAA Whiteboard. The idea was to summarize HIPAA in a concise and visually engaging way. You can download a PDF handout version here. We’ve been licensing it to many organizations for training and awareness purposes. […]
Category: HIPAA Business Associates
Posts about HIPAA Business Associates by Professor Daniel J. Solove for his blog at TeachPrivacy, a privacy awareness and security training company.
HIPAA Enforcement 2017: Another Big Year for HIPAA Enforcement
At the end of 2017, the OCR logged just under $20 million in fines for HIPAA violations from 10 enforcement actions with monetary penalties. In 2016, the total in penalties was roughly the same amount but from 15 organizations. Here is an overview of the resolution agreements and enforcement actions with civil monetary penalties from […]
2017 HIPAA Enforcement
The first quarter of 2017 is not yet over and the OCR has already released details of four HIPAA enforcement penalties totaling over $11 million. 2016 set a record with $20 million in fines for the year, with $5.2 million of that coming in the first quarter. In just the first 2 months of […]
Lessons from 2016, the Biggest HIPAA Enforcement Year on Record
Time to call the Guinness Book of World Records because HHS has set a new world record in HIPAA enforcement. 2016 saw a considerable increase in HIPAA enforcement resolution agreements and monetary penalties. At the end of 2016, the OCR logged over $20 million in fines for HIPAA violations from 15 enforcement actions with monetary […]
HIPAA Cartoon on HIPAA’s Jargon
HIPAA is famously impenetrable, with so many special terms and definitions. I wrote this cartoon to capture the wonderful world of HIPAA jargon, which I hope fellow lovers of HIPAA can appreciate. I have another HIPAA cartoon here.
HIPAA Cartoon – HIPAA Compliance Program
Recently, HIPAA celebrated its 20th birthday. HHS issued a celebratory blog post. HIPAA is 20 years old if you start counting from the date the statute was passed (1996). If we measure HIPAA’s age from the date that the HIPAA Privacy Rule became effective (2003), then HIPAA is 13. So HIPAA could be 20 years […]
HIPAA’s Long Arm — and Why It’s a Good Thing
Recently, the U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) issued its first HIPAA resolution agreement and monetary penalty against a business associate (BA).
New Resource Page: HIPAA Training Requirements FAQ
by Daniel J. Solove
I recently created a new resource page for the TeachPrivacy website: HIPAA Training Requirements: FAQ.
New Resource Page: Text of HIPAA’s Training Requirements
by Daniel J. Solove
I recently created a new resource page for the TeachPrivacy website: Text of HIPAA’s Training Requirements. This page provides excerpts of the training provisions in the HIPAA Privacy Rule and the HIPAA Security Rule. This page is designed to be a useful companion page to our resource page, HIPAA Training Requirements: […]
Lawsuits for HIPAA Violations and Beyond: A Journey Down the Rabbit Hole
by Daniel J. Solove
At first blush, it seems impossible for a person to sue for a HIPAA violation. HIPAA lacks a private cause of action. So do many other privacy and data security laws, such as FERPA, the FTC Act, the Gramm-Leach-Bliley Act, among others. That means that these laws don’t provide people with […]